<?php include('php/authenticatephastregex.php'); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
 "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
  <head>
    <title>Add a user.</title>
    <meta http-equiv="Content-Type" content ="text/html; charset=utf-8">
    <link rel="stylesheet" href="authenticatejw.css" type="text/css">
<?php
include('php/jasonweirather.php');
echo('
  </head>
  <body>
    <div id="input_form">
     <div id = "add_user">
      <div id="challenge">
');
if($_POST['first_name'] !=NULL && $_POST['last_name'] != NULL && $_POST['username'] != NULL && $_POST['password'] != NULL) { 
  #if we have the post info try it.
  $database = 'security';
  include("php/dbconnect.php");
  $first_name = $_POST['first_name'];
  $last_name = $_POST['last_name'];
  $username = mysql_real_escape_string($_POST['username']); # two functions outside the wall
  $password = mysql_real_escape_string($_POST['password']) . "SALTDONOTCHANGE123"; # two functions outside the wall
  $query = "SELECT db_id FROM users WHERE username = '$username'";
  $result = mysql_query($query);
  $row = mysql_fetch_object($result);
  if($row != NULL) { 
    echo("username $username exists already.<br>\n");
  } else {
    $query = "INSERT INTO users (first_name,last_name,username,password) VALUES ('$first_name','$last_name','$username',MD5('$password'))";
    $result = mysql_query($query);
    echo("added user $username<br>\n");
  }
}

echo('
      Add a user.
      <form action="'.$self.'" method="post">
        First name: <input type="text" name="first_name" class="input_box"><br>
        Last name: <input type="text" name="last_name" class="input_box"><br>
        username: <input type="text" name="username" class="input_box"><br>
        password: <input type="password" name="password" class="input_box"><br>
        <input type="submit" value="Submit"/>
      </form>
     </div>
     </div>
    </div>
  </body>
</html>
        ');
    ?>

